svnlabs / google-caja

Automatically exported from code.google.com/p/google-caja

Protect Caja JSONP responses against “Rosetta Flash” vulnerability #1923

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Any domain (origin) containing the cajoling service or proxy service is vulnerable.

Introduction to the vulnerability:
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/

We should apply these known mitigations:
- Add a fixed prefix (such as a comment) to the JSONP response, before the user-supplied callback.
- Responses should have Content-Disposition: attachment.
- Responses should have X-Content-Type-Options: nosniff.

This must be done separately on trunk and es53 branches, because on trunk the ProxyServlet has been refactored to remove the more general cajoling service mechanisms.

Original issue reported on code.google.com by kpreid@google.com on 9 Jul 2014 at 11:14
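Added example (not Caja's ProxyServlet code): a minimal JSONP response builder that applies the three mitigations listed in the issue. The callback policy, function names and header values are assumptions for illustration.

```python
import json
import re

# Hypothetical callback policy (not Caja's): accept only a plain dotted JS
# identifier so arbitrary bytes cannot be echoed through the callback parameter.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$")

# Fixed prefix written before the callback. Whatever the caller supplies, the
# response can no longer *begin* with attacker-chosen bytes, which is what the
# Rosetta Flash technique relies on.
JSONP_PREFIX = "/**/"


class BadCallback(ValueError):
    """Raised when the callback does not match CALLBACK_RE."""


def build_jsonp_response(callback, payload):
    """Return (status, headers, body) for a JSONP reply with the mitigations applied.

    payload is any JSON-serialisable value; json.dumps with the default
    ensure_ascii=True keeps the body ASCII-only.
    """
    if not CALLBACK_RE.match(callback):
        raise BadCallback("callback is not a plain identifier: %r" % callback)
    body = "%s%s(%s);" % (JSONP_PREFIX, callback, json.dumps(payload))
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        # Loaded directly (e.g. as a plugin object), the response is treated
        # as a download rather than executed as content.
        "Content-Disposition": "attachment; filename=response.js",
        # Prevents the browser from re-interpreting the body as another type.
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, body


def has_jsonp_mitigations(headers, body):
    """Check an existing response for all three mitigations (constructed helper)."""
    return (
        body.startswith(JSONP_PREFIX)
        and headers.get("Content-Disposition", "").lower().startswith("attachment")
        and headers.get("X-Content-Type-Options", "").lower() == "nosniff"
    )
```

`has_jsonp_mitigations` can be pointed at captured responses from a JSONP endpoint to confirm the fix is in place on both branches.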

GoogleCodeExporter commented 9 years ago
https://codereview.appspot.com/118640043/
https://codereview.appspot.com/117650043/

Original comment by kpreid@google.com on 5 Aug 2014 at 11:44

GoogleCodeExporter commented 9 years ago
@r5697, r5698

Original comment by kpreid@google.com on 22 Sep 2014 at 10:15